Skip to content

Instantly share code, notes, and snippets.

@ericandrewlewis
Last active November 11, 2023 18:18
Show Gist options
  • Save ericandrewlewis/80bf56e83b838767ba6cbd1203fcb03c to your computer and use it in GitHub Desktop.
Save ericandrewlewis/80bf56e83b838767ba6cbd1203fcb03c to your computer and use it in GitHub Desktop.
Set up an Ubuntu Web Server on an Intel Nuc, steps and code snippets

All the steps and code snippets from my tutorial series Set up an Ubuntu Web Server on an Intel NUC

Get an image

Get an Ubuntu image for your NUC

Update the apt repositories

apt update -y & apt upgrade -y

Don't let the computer sleep at the login screen, so it's always up.

sudo su
su lightdm -s /bin/bash
dbus-launch gsettings set org.gnome.settings-daemon.plugins.power sleep-inactive-ac-timeout 0
exit
exit

Setup a static IP address

  1. Go to Network > Choose your Network > IPv4 Settings
  2. Set "Method" to "Manual"
  3. Add a static IP address, I picked 192.168.1.100
    1. Set the netmask. You can find the netmask by running ifconfig
    2. Set the gateway. You can find the gateway by running ip route show
  4. Set DNS servers, I used Google's 8.8.8.8, 8.8.4.4

Port Forwarding

Log in to your router's admin and configure port forwarding for 80, 443, and 22222 (or whatever port you pick for ssh)

Configure SSH

Install open ssh server

sudo apt install -y openssh-server

Edit /etc/sshd_config and change the Port to your preferred port

Create a keypair on your computer, and send it to the server:

ssh-copy-id -i ~/.ssh/keyfilenamehere user@host -p 22222

Add this config to the bottom of /etc/sshd_config to disable password login:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Fail2ban

Install fail2ban

sudo apt install -y fail2ban

Copy the fail2ban default configuration to a file we can safely edit

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the /etc/fail2ban/jail.local file, and scroll to the [ssh] jail section, add:

enabled = true

Change the port to the port ssh is running on (22222 for me)

Restart fail2ban to apply configuration changes:

sudo systemctl restart fail2ban

Dynamic DNS

I use no-ip... get a wilcard domain name that comes with Dynamic DNS.

Set up their dynamic updater so the Dynamic DNS part works.

Certbot

Install Certbot

sudo apt-get update -y
sudo apt-get install -y software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update -y
sudo apt-get install -y certbot 

Get an HTTPS certificate and private key:

sudo certbot certonly --standalone -d example.com -d www.example.com

Install Docker

Install Docker for Ubuntu

Setup an NGINX application router

I added this nginx config into ~/apps/nginx-app-router/nginx.conf

and then I ran

sudo docker run \
  --volume /home/eric/apps/nginx-app-router/nginx.conf:/etc/nginx/nginx.conf:ro \
  --volume /etc/letsencrypt:/etc/letsencrypt \
  --publish 80:80 \
  --publish 443:443 \
  --detach \
  --restart always \
  nginx

Running Docker-based apps

Edit the NGINX configuration at ~/apps/nginx-app-router/nginx.conf to add a server block for the app, specifying the subdomain, port, and the NUC's static IP address:

server {
    listen 443 ssl;
    server_name  next-subways.curious-directory.com;

    location / {
        proxy_pass http://192.168.1.100:8002;
    }
}

Build a Docker image:

sudo docker build --tag next-subways .

Run the image:

sudo docker run \
  --detach \
  --publish 8002:8080 \
  --env NODE_ENV='production' \
  --env MTA_API_KEY=$API_KEY \
  --restart always \
  next-subways
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment